]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_preference_controller.rb
Bounding boxes are sanitised on creation now
[rails.git] / app / controllers / user_preference_controller.rb
index b07f4ecc5d0e287051522099a1dfb96a3ce9fac4..377e78313ef3dde90ba92a69d174ce32afa9fc4f 100644 (file)
@@ -1,6 +1,9 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 class UserPreferenceController < ApplicationController
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize
+  before_filter :require_allow_read_prefs, :only => [:read_one, :read]
+  before_filter :require_allow_write_prefs, :except => [:read_one, :read]
 
   def read_one
     pref = UserPreference.find(@user.id, params[:preference_key])
@@ -52,7 +55,7 @@ class UserPreferenceController < ApplicationController
 
   # update the entire set of preferences
   def update
-    do
+    begin
       p = XML::Parser.string(request.raw_post)
     rescue LibXML::XML::Error, ArgumentError => ex
       raise OSM::APIBadXMLError.new("preferences", xml, ex.message)